Detections
Analytics
Mozilla Thunderbird < 45.6 Multiple Vulnerabilities (macOS)
critical Nessus Plugin ID 96268
Language:
Synopsis
The remote macOS or Mac OS X host contains a mail client that is affected by multiple vulnerabilities.Description
The version of Mozilla Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.6. It is, therefore, affected by the following vulnerabilities :- Multiple memory corruption issues exists, such as when handling document state changes or HTML5 content, or else due to dereferencing already freed memory or improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9893)
- A security bypass vulnerability exists due to event handlers for marquee elements being executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. An unauthenticated, remote attacker can exploit this to impact integrity. (CVE-2016-9895)
- A memory corruption issue exists in libGLES when WebGL functions use a vector constructor with a varying array within libGLES. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-9897)
- A use-after-free error exists in Editor, specifically within file editor/libeditor/HTMLEditor.cpp, when handling DOM subtrees. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-9898)
- A use-after-free error exists in the nsNodeUtils::CloneAndAdopt() function within file dom/base/nsNodeUtils.cpp, while manipulating DOM events and removing audio elements, due to improper handling of failing node adoption. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-9899)
- A security bypass vulnerability exists in the nsDataDocumentContentPolicy::ShouldLoad() function within file dom/base/nsDataDocumentContentPolicy.cpp that allows external resources to be inappropriately loaded by SVG images by utilizing 'data:' URLs. An unauthenticated, remote attacker can exploit this to disclose sensitive cross-domain information.
(CVE-2016-9900)
- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to determine whether an atom is used by another compartment or zone in specific contexts, by utilizing a JavaScript Map/Set timing attack. (CVE-2016-9904)
- A flaw exists in the nsDocument::EnumerateSubDocuments() function within file dom/base/nsDocument.cpp when adding and removing sub-documents. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2016-9905)
Solution
Upgrade to Mozilla Thunderbird version 45.6 or later.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/
Plugin Details
Severity: Critical
ID: 96268
File Name: macosx_thunderbird_45_6.nasl
Version: 1.7
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 1/3/2017
Updated: 11/13/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2016-9899
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mozilla:thunderbird
Required KB Items: MacOSX/Thunderbird/Installed
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/28/2016
Vulnerability Publication Date: 8/10/2016
Exploitable With
Core Impact
Reference Information
CVE: CVE-2016-9893, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9904, CVE-2016-9905
MFSA: 2016-96